On Fri, Sep 24, 2004 at 09:20:06AM -0400, Matt Mejaski wrote: : [snip re: using Apache] : Currently, in Apache, I have some Alias'es to point to other directories on : the server (i.e. Alias /MyStuff C:\MyStuff), and then, I use a .htaccess : file to control access to /MyStuff. : : Now, I was wondering if I could get rid of Apache altogether and only use : Tomcat. : : I can set up a <Context> in Tomcat for my Apache Alias'es (i.e. <Context : path="/MyStuff" docBase="C:\MyStuff">), but I don't know how to control : security on that Context!
You're running into brick walls because you're trying to pull Apache magic with Tomcat (really, with Java webapps). The two worlds are similar but not the same. What you're really trying to do is have a single Tomcat instance that serves/manages content from paths outside of the context. Out of the box this will not work because Java webapps are meant to be self-contained applications that can be dropped into a container in framework fashion. : In Tomcat, is there an alternative way that i can use an Alias that will : share the security of my main app if my main app uses Container Managed : Security? Directly, out-of-the-box? Not to my knowledge. The choices I see are as follows: 1/ If you're willing to write some custom code, you could map the path "/MyStuff" to a servlet (a Page Controller) that streams those non-context files to users. 2/ separate your "virtual" Apache paths into full-fledged webapps (contexts), with their own deployment descriptors (web.xml) and security constraints defined therein. Look into single sign-on to handle inter-app credentials. 3/ put all of these files into a single webapp 4/ Stick with Apache on the front end =) -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
